<?php
if (!empty($_FILES) && isset($_REQUEST['secureKey']) && !empty($_REQUEST['secureKey'])) {
	$tempFile = $_FILES['Filedata']['tmp_name'];
    $extension = explode('.', $_FILES['Filedata']['name']);
    $extension = end($extension);
    $extension = strtolower($extension);

    $ext_allow = array('gif','jpg','zip','doc','png','bmp','jpeg');
    if (!in_array($extension,$ext_allow)) die;
	
	$secureKey = explode('---', $_REQUEST['secureKey']);
	if (is_array($secureKey) && sizeof($secureKey) == 2) {
		if (!include_once(dirname(__FILE__).'/../../../../config/config.inc.php')) die;
		if (!include_once (dirname(__FILE__).'/../../../../init.php')) die;
		$secureKeyName = $secureKey[0];
		$secureKeyValue = $secureKey[1];
		if (preg_match('#_UPLOAD_SECURE_KEY#', $secureKeyName) && strlen($secureKeyValue) == 16 && (_PS_VERSION_ >= 1.5 ? Configuration::getGlobalValue($secureKeyName) : Configuration::get($secureKeyName)) == $secureKeyValue) {
			$targetPath = realpath(realpath(dirname(__FILE__)) . '/../../uploads/temp') . '/';
			// Delete prev file
			if(isset($_REQUEST['filename']) && $_REQUEST['filename'] && file_exists($targetPath.$_REQUEST['filename']))
				unlink($targetPath.$_REQUEST['filename']);
			$targetFile = str_replace('//','/',$targetPath) . uniqid().'.'.$extension;
			move_uploaded_file($tempFile,$targetFile);
			echo basename($targetFile);
		} else {
			die;
		}
	} else {
		die;
	}
} else {
	die;
}
?>